On Mon, Oct 14, 2024 at 5:33 AM Jan Eden via openssh-unix-dev <openssh-unix-dev@xxxxxxxxxxx> wrote: redacted hostname and port – sorry, should have mentioned that. > > > Anyway, in answer to your question. The "host key found matching a different > > name/address" is triggered when a key received from the server in an update > > already exists under a different name. If you turn the debugging level up, > > then you'll see the name(s) that it matches too: > > > > 2100 if (sshkey_equal(l->key, ctx->keys[i])) { > > 2101 ctx->other_name_seen = 1; > > 2102 debug3_f("found %s key under different " > > 2103 "name/addr at %s:%ld", > > 2104 sshkey_ssh_name(ctx->keys[i]), > > 2105 l->path, l->linenum); > > 2106 return 0; > > 2107 } > > 2108 } > > Thank you! Increasing the verbosity revealed a known_hosts entry linked > to serverA's IP address (I had forgotten that I had connected to it by > IP address at some point). Deleting this entry solved the problem; the > new host key was stored in known_hosts when I connected to serverA > again. > > - Jan And... *THIS* is why so many people disable known_hosts entirely. The chance of an IP address being reused for a distinct hostname is pretty high in a DHCP environment without reservations, coupled with dynamic DNS. It's also very common when servers get rebuilt from images and fresh hostkeys generated automatically on the same hardware, even with the same IP address. The popular solution is to simply disable known_hosts in your ~/.ssh/config as needed: # Disable known_hosts to avoid IP re-use conflicts Host * UserKnownHostsFile /dev/null StrictHostKeyChecking no LogLevel ERROR _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev